What You Need To Know About Today’s Apple Hack

applelogo

What Happened?

According to Apple, a “small number” of its employees computers were compromised due to a vulnerability in Java.

How Did It Happen?

It appears that this zero-day exploit is the same one that resulted in a number of Facebook employees having malware installed on their laptops as a result of visiting a mobile developer website that had been compromised: Apple says their employees were infected “through a website for software developers.”

Did The Hackers Steal Any Data?

According to Apple, no. “We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.”

Okay, But If It Happened To Apple, It Can Happen To Me… Right?

Yes, if you have Java installed on your OS X machine. But Apple is saying that they will be “issuing software” to prevent the malware from infecting users. This probably means that they will be updating their anti-malware blacklist in OS X today to make sure that Mac users won’t be infected the same way they were. This will happen automatically in the background.

What Is Java?

Java is a software platform that is dedicated to deploying apps across multiple platforms at once. You shouldn’t confuse it with JavaScript, a web browser scripting language. JavaScript is usually pretty safe, but Java is prone to a number of exploits, and can be much more dangerous to end users.

How Do I Protect Myself From Future Zero-Day Java Exploits?

You should seriously consider uninstalling Java if you are concerned about falling prey to such exploits. In fact, you probably don’t even need Java on your machine.

Many of the malware hacks that happen these days occur because of vulnerabilities in Oracle’s software that haven’t yet been patched (called zero-day exploits); in fact, it’s for just this reason that Apple deprecated shipping their own versions of Java back in 2010. They simply couldn’t keep their own version of Java updated quickly enough to address exploits.

If you don’t need Java on your machine, it’s easy to uninstall. Here’s how to do it:

Note: To uninstall Java 7, you must have Administrator privileges.

  1. Click on the Finder icon located in your dock
  2. Click on Applications tab on the sidebar
  3. In the Search box enter JavaAppletPlugin.plugin
  4. This will find the JavaAppletPlugin.plugin file
  5. Right click on JavaAppletPlugin.plugin and select Move to Trash

You can also simply switch off Java in your browsers of choice. Check out our how-to guide for a step-by-step look at how to do that. 

  • B066Y

    “You should seriously consider uninstalling Java if you are concerned about falling prey to such exploits. In fact, you probably don’t even need Java on your machine.”

    Good luck with not needing Java

  • jpaul

    Darn! Your Open ID system returns to the web page and EMPTIES the commend box.

    So, my nicely crafted, brilliant remark has just vanished into thin air!

    In any event, appreciate that you distinguished Java and Java Script.

    However, when I searched for “JavaAppletPlugin.plugin” it was nowhere to be found! I even did a full disk search, along with turning on System Files included and Invisible ones. Nothing showed up! Nada, zilch.

    For the millions of us, well dozens at least (!), still on Snow Leopard, where do we find it?

    Thanks. I’ll take my answer off the air! :-)

  • WXMAN2001

    I removed java from my iMac for over a year. Don’t need it, and never had a problem. Just remove it. It’s of no use.

  • HarryWessling

    Java? I never activated this plugin on my macs and I never missed it (OK, I am not a Minecraft gamer).

  • CharilaosMulder

    “You should seriously consider uninstalling Java if you are concerned about falling prey to such exploits. In fact, you probably don’t even need Java on your machine.”

    Good luck with not needing Java

    perfectly possible. what ancient/crappy apps need java to run? java has only caused a lot of trouble lately on the mac.

  • robert_walter

    Removed Java from my mac box, and those of friends and family, some time ago.

    A “Check for Updates” failed to show today’s update (I did install the iTunes update though.)

    Question: Does one have to have Java installed for the anti-malware software to run? For example, if someone had Java, became infected, and then removed the Java a day before the Apple hack was publicized, would Apples software from today still run (or is it dependent on Java being installed – which would seem to be a mistake…) If this dependency exists, how is one to know if there is malware on their mac?

    Any answers from the community would be appreciated.

  • B066Y

    perfectly possible. what ancient/crappy apps need java to run? java has only caused a lot of trouble lately on the mac.

    Quite a few business apps still require Java and most government apps.

About the author

John BrownleeJohn Brownlee is a Contributing Editor. He has also written for Wired, Playboy, Boing Boing, Popular Mechanics, VentureBeat, and Gizmodo. He lives in Boston with his wife and two parakeets. You can follow him here on Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories | Tagged: , , , , , |